[Pkg-erlang-devel] Bug#1024632: Bug#1024632: Bug#1024632: Bug#1024632: erlang: CVE-2022-37026 Client Authentication Bypass

Sergei Golovan sgolovan at debian.org
Wed Dec 14 10:36:34 GMT 2022


Hi!

On Mon, Dec 12, 2022 at 5:27 PM Sergei Golovan <sgolovan at debian.org> wrote:
>
> Hi Salvatore,
>
> On Fri, Dec 9, 2022 at 12:15 AM Salvatore Bonaccorso <carnil at debian.org> wrote:
> >
> > The upcoming point release for 11.6 is scheduled for 17th with
> > uploading window closing the upcoming weekend. If we are confident
> > enough about potential regressions, can you make sure the fix land in
> > the next bullseye point release?
>
> Unfortunately, I've found a few regressions in the Erlang test suite,
> and I couldn't fix them myself yet. I'll try my best to do that
> tonight and tomorrow, but I'm afraid I'd suggest postponing uploading
> patched Erlang to stable.

I couldn't fix these regressions in the test suite, but it appears
that they are present
in the latest released Erlang 23 version (23.3.4.18) as well.
Therefore, I'm uploading the
fix to stable.

Cheers!
-- 
Sergei Golovan



More information about the Pkg-erlang-devel mailing list